mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-11 23:03:45 -05:00
dd35ad43ca
* factor out GetSubpathFromConfig * mv web/subpath.go to utils/subpath.go * serve up web, api and ws on /subpath if configured * pass config to utils.RenderWeb(App)?Error This allows the methods to extract the configured subpath and redirect to the appropriate `/subpath/error` handler. * ensure GetSubpathFromConfig returns trailing slashes deterministically * fix error 404 handling * redirect /subpath to /subpath/ This is necessary for the static handler to match, otherwise none of the registered routes find anything. This also makes it no longer necessary to add trailing slashes in the root router.
51 lines
1.3 KiB
Go
51 lines
1.3 KiB
Go
// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
|
|
// See License.txt for license information.
|
|
|
|
package utils
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
"crypto/sha256"
|
|
"encoding/asn1"
|
|
"encoding/base64"
|
|
"math/big"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/mattermost/mattermost-server/model"
|
|
)
|
|
|
|
func TestRenderWebError(t *testing.T) {
|
|
r := httptest.NewRequest("GET", "http://foo", nil)
|
|
w := httptest.NewRecorder()
|
|
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
require.NoError(t, err)
|
|
RenderWebError(&model.Config{}, w, r, http.StatusTemporaryRedirect, url.Values{
|
|
"foo": []string{"bar"},
|
|
}, key)
|
|
|
|
resp := w.Result()
|
|
location, err := url.Parse(resp.Header.Get("Location"))
|
|
require.NoError(t, err)
|
|
require.NotEmpty(t, location.Query().Get("s"))
|
|
|
|
type ecdsaSignature struct {
|
|
R, S *big.Int
|
|
}
|
|
var rs ecdsaSignature
|
|
s, err := base64.URLEncoding.DecodeString(location.Query().Get("s"))
|
|
require.NoError(t, err)
|
|
_, err = asn1.Unmarshal(s, &rs)
|
|
require.NoError(t, err)
|
|
|
|
assert.Equal(t, "bar", location.Query().Get("foo"))
|
|
h := sha256.Sum256([]byte("/error?foo=bar"))
|
|
assert.True(t, ecdsa.Verify(&key.PublicKey, h[:], rs.R, rs.S))
|
|
}
|